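<?php
/**
 * Comment submission endpoint.
 *
 * Accepts a POST with `name`, `comment` (base64-encoded), `function` (name of
 * the function being commented on) and `code` (CAPTCHA answer). On success the
 * comment is inserted into the `comments` table and the body "OK" is returned;
 * otherwise a plain-text list of problems is returned.
 *
 * Every request field is attacker-controlled. The values are escaped
 * immediately before they are placed inside SQL string literals, and the
 * numeric values are cast to int, so request data cannot change the shape of
 * either query.
 */
if ($_SERVER['REQUEST_METHOD'] != 'POST') exit;

// NOTE(review): PHP has already URL-decoded $_POST, so this is a second
// decode. A value that looked harmless to any upstream filter can turn into
// quote characters here, which is why SQL escaping is done further down, after
// this step. Kept because the submitting client may depend on it -- confirm
// and remove if it does not.
// Non-string fields (e.g. name[]=x) are reduced to '' instead of being passed
// to trim().
foreach ($_POST as $key => $value) {
    $_POST[$key] = is_string($value) ? urldecode(trim($value)) : '';
}

include_once 'includes/geshi.php';
include 'includes/dbclass.php';
include 'config.php';
$db = new db($dbhost, $dbuser, $dbpass, $dbname);

// Missing fields are treated as empty so they hit the validation below
// rather than raising undefined-index notices.
$name     = isset($_POST['name']) ? $_POST['name'] : '';
$comment  = base64_decode(isset($_POST['comment']) ? $_POST['comment'] : '');
$function = isset($_POST['function']) ? $_POST['function'] : '';
$code     = isset($_POST['code']) ? $_POST['code'] : '';

$errors = array();
if ($name == '')
    $errors[] = "Please enter a name/email.";

if ($comment == '')
    $errors[] = "Please enter a comment";

// The CAPTCHA is only checked once the other fields are valid.
if (sizeof($errors) == 0) {
    require_once 'includes/securimage/securimage.php';
    $img = new Securimage;
    if ($img->check($code) == false) {
        $errors[] = "Incorrect security code entered";
    }
}

if (sizeof($errors) > 0) {
    $str = implode("\n", $errors);
    die("There was an error with your submission!  Please correct the following:\n\n" . $str);
}

// All checks passed: escape the untrusted strings for use in SQL literals.
// NOTE(review): mysql_real_escape_string() works on the most recently opened
// ext/mysql link, so this assumes the db constructor has already connected --
// confirm. If the db class offers its own escaping or prepared statements,
// prefer that. The escaping is only reliable when the connection character set
// was set with mysql_set_charset() rather than a "SET NAMES" query.
$functionSql = mysql_real_escape_string($function);
$nameSql     = mysql_real_escape_string($name);
$commentSql  = mysql_real_escape_string($comment);

// A false return means no usable connection; stop instead of storing blanks.
if ($functionSql === false || $nameSql === false || $commentSql === false) {
    die("There was an error with your submission!  Please correct the following:\n\nUnable to save your comment.");
}

$now = (int) time();

$res = $db->query("SELECT id FROM functions WHERE name = '$functionSql'");
$row = $res ? mysql_fetch_assoc($res) : false;

// An unknown function name used to leave $f_id empty and produce a malformed
// INSERT; reject it explicitly.
if (!$row) {
    die("There was an error with your submission!  Please correct the following:\n\nUnknown function.");
}

// Cast so the unquoted value in the INSERT is always a plain integer.
$f_id = (int) $row['id'];

// NOTE(review): name and comment are stored as submitted. Whatever page
// renders them must HTML-escape on output; that code is not visible here.
$db->query("INSERT INTO comments (f_id, user, comment, date) VALUES ($f_id, '$nameSql', '$commentSql', $now)");
die('OK');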